From: Peter Staubach (staubach@nyday.eng.sun.com)
Date: 07/01/99-10:36:54 AM Z
Date: Thu, 1 Jul 1999 08:36:54 -0700 (PDT) From: Peter Staubach <staubach@nyday.eng.sun.com> Message-Id: <199907011536.IAA94622@nyday.eng.sun.com> Subject: Re: uid string > > It is not entirely clear to me that strings as ids are going to solve > anything. Potentially, our server say could take whatever string ids > are sent with a file create, stuff them into the file system, and > return them on demand to any client - leaving it as a client issue as > to how to map "non-native" identifiers. > I think that my question really boils down to "How would you do that?", this client issue? > > Doesn't Kerberos V5 work now with a modified Solaris NFS? It does not > encode ids as strings, does it? (perhaps a description of the new > Kerberos support in Solaris would clarify some of the issues here...) > The over the wire NFS protocol bits did not change. The authentication information and how it gets handled did change, but not the NFS protocol. > Anyway, mappings will continue, using a string encoding vs. an numeric > identifier will not change this - mechanical conversion of strings to > internal numerical id on UNIX platforms will incur additional overhead > in processing requests - caches can reduce that cost. But it is more > work. > It does seem to like just extra overhead (for no gain in AUTH_SYS) to me. Yes, the overhead can be reduced (not eliminated) with a cache, but then how does one do cache validation? Do any of the name services which would need to be used support anything which be helpful here? > Am I looking at this wrong? I am probably missing something here. > I think a description of the Kerberos V5 support in NFS would help > me. > I would also like to understand what I am missing because I must be missing the same set of things. Do we need to go back to the attributes definition and rethink that? Perhaps different clients and servers have different requirements and capabilities and these need to be taken into account, instead of trying to form one attributes definition which causes everyone to have problems.
This archive was generated by hypermail 2.1.2 : 03/04/05-01:47:17 AM Z CST